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1.0  Introduction 

This  document  describes  the  SAMSON  TD  Phase  I  trial  target,  approach, 
and  results.  According  to  the  SAMSON  TD  contract,  Bell  Canada  was  to 
deliver  a  functionally  complete  system  to  a  lab  environment  at  a 
designated  DRDC  research  facility  at  the  end  of  phase  I.  In  place  of  a 
laboratory-based  deployment,  SAMSON  was  demonstrated  at  a  military 
engineering  exercise,  namely,  Empire  Challenge  2010  (EC2010). 

A  Military  Engineering  exercise  provides  an  opportunity  to  test  new 
technologies  in  theatre-like  conditions.  Empire  Challenge  is  a  C4ISR 
exercise  that  allows  new  technologies  related  to  information  gathering 
and  information  management  to  be  deployed. 

Participation  in  this  exercise  was  approved  by  the  SAMSON  Project 
Manager  and  was  taken  to  be  the  new  target  deliverable  for  SAMSON 
phase  I.  In  order  to  participate  in  EC2010,  some  amendments1  to  the 
original  Phase  I  functionality  were  required  and  the  phase  I  end  date  was 
delayed  to  accommodate  the  development,  test  and  deployment  activities 
for  EC2010. 

2.0  Target  For  Trial 

The  SAMSON  Phase  I  development  target,  as  originally  defined  in  the 
SAMSON  TD  contract,  called  for  a  specific  set  of  functionally  complete 
capabilities.  However,  due  to  budgetary  shifts,  certain  core  capabilities 
were  deferred  to  phase  II.  For  EC2010,  some  phase  I  capabilities  were 
not  trialed,  while  new  capabilities  were  added  to  the  phase  I  target  and 
demonstrated  at  EC2010. 


1  Please  see  SAMSON  TD  contractual  amendment#3  for  additional  details. 
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Phase  I 


Figure  1:  SAMSON  Phase  I  Capability  Set 


2.1  Features  Tested 

The  following  table  identifies  the  features  tested  as  part  of  Empire 
Challenge. 


From  the  Original  Phase  I  Target 

Added  to  the  EC2010  Capability  Set 

•  XMPP-based  secure  message 
communication  architecture  and  data 
exchange. 

•  Identity  Provisioning  and  usage  via  the 
SAMSON  infrastructure. 

•  Virtualized  data  segregation  and 
endpoint  security  via  virtualization  at 
the  desktop. 

•  Collection  of  trusted  audit  records  for 
all  policy  enforced  and  security 
transactions. 

•  Secure  Data  Labelling  and 

Interpretation  of  labelled  data  in  a 
security  policy  context. 

•  Data  Protection  via  a  unified  policy 
decision  point. 

•  Data  Protection  for  file  sharing,  instant 
messaging,  web  and  email. 

•  Support  for  the  Transverse  IM  client 

•  XMPP-based  administration  of  users 
and  caveats 

•  Increased  stability  and  robustness 

•  Web-based  audit  review  interface 

•  System  monitoring  tools 
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2.2  Features  Not  Tested 

The  following  capabilities,  although  delivered  as  part  of  the  revised  phase 
I  target,  were  not  tested  in  the  EC2010  operational  environment: 

•  SAMSON  protected  database  access 

2.3  Scenarios  and  Test  Cases 

Rather  than  a  canned  test  environment,  the  EC2010  exercise  was  an 
operational  SECRET  coalition  environment.  The  testing  performed  against 
the  SAMSON  environment  during  the  exercise  took  the  form  of  typical  use 
cases  using  actual  data  originating  from  other  contributors  to  the 
exercise.  Analysis  of  the  data  in  an  operational  context  was 
demonstrated  for  coalition  members  to  show  the  COI  and  caveat 
separation  capabilities  of  the  solution. 


3.0  Approach 

SAMSON  was  trialed  as  an  active  participant  to  the  EC2010  exercise, 
leveraging  much  of  the  same  infrastructure  and  working  in  parallel  with 
other  operational  systems.  Data  was  manually  transferred  from  the 
primary  network  to  a  segregated  enclave  for  SAMSON  activities.  Exercise 
data  was  imported  from  operational  sources,  labelled  and  then  used  in 
demonstration  use  cases  for  project  stakeholders. 

3.1  Participants 

Representatives  from  Bell  Canada  and  DRDC  NIO  active  participants  to 
the  Canadian  contingent  at  EC2010  operational  sites. 

3.2  Tasks  and  responsibilities 

Bell  Canada  and  DRDC  NIO  staff  were  directly  responsible  for 
administering  SAMSON  in  each  of  the  exercise  locations.  The  SAMSON 
team  was  supported  by  DND/CF  staff  responsible  for  providing 
infrastructure  and  connectivity  between  EC2010  sites.  Bell  Canada  staff 
were  responsible  for  maintaining  SAMSON  in  an  operational  state  during 
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the  duration  of  the  exercise  and  DRDC  staff  were  responsible  for  running 
the  demonstrations  and  use  cases  to  meet  the  EC2010  objectives. 

3.3  Set-up  and  facilities 

The  SAMSON  infrastructure  was  deployed  to  two  locations: 

•  A  Forward  Operating  Base  (FOB)  located  at  Fort  Huachuca,  Sierra 
Vista,  Arizona,  US  (AZ);  and 

•  A  simulated  HQ  facility  located  at  the  Louis-St  Laurent  (LSTL) 
Building,  Gatineau,  PQ,  Canada 


The  LSTL  site  was  deemed  the  primary  location  with  all  local  and  remote 
workstations  leveraging  this  infrastructure.  The  remote  AZ  location  had 
both  connectivity  to  the  primary  site  plus  the  ability  to  run  in  an  isolated 
mode  using  a  purely  local  (redundant)  SAMSON  deployment  and  thus 
independent  of  external  connectivity. 


LSTL  Router 
172.16.0.1 
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Figure  2:  The  SAMSON  EC2010  Architecture 
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3.4  Metrics  and  Evaluation  Criteria 

The  goals  of  the  EC2010  exercise  were  to  demonstrate  new  capabilities  to 
coalition  and  identify  any  defects  in  the  existing  solution.  Evaluation 
criteria  were  loosely  defined  since,  as  an  engineering  exercise,  the 
expectation  was  that  each  solution  should  be  pushed  to  work  under 
conditions  that  closely  match  operational  conditions.  Success  metrics 
were  defined  in  the  following  terms: 

•  Did  the  solution  remains  operational  for  the  majority  of  the 
exercise? 

•  What  proportion  of  the  features  demonstrated  worked  as  excepted? 

•  How  much  engineering  /  maintenance  was  required  to  remain 
operational  and  a  contributing  member  of  the  coalition  force? 

3.5  Needs 

At  each  location,  SAMSON  required:  power,  connectivity  between  sites 
and  access  to  exercise-based  data.  Beyond  those  requirements,  SAMSON 
remained  a  self-contained  solution  and  remained,  by  design,  independent 
of  the  rest  of  the  EC2010  infrastructure. 

3.6  Staffing  and  training 

Both  locations  required  staffing  during  the  setup  and  operational  phases 
of  the  exercise.  In  rotating  shifts,  4  Bell  Canada  and  5  DRDC  NIO  staff 
were  required  to  set  up,  manage  and  demonstrate  SAMSON  capabilities. 

3.7  Schedule 

The  exercise  took  place  according  to  the  following  schedule. 


Date (2010) 

LSTL  site 

Arizona  Site 

July  12  -  July  17 

Setup  SoS2  (Bell) 

July  19  -  July  23 

Setup  gSOS  (Bell) 

July  26  -  July  30 

Configuration  and  Test 

Configuration  and  Test 

August2  -  August6 

Operational  Exercise 

Operational  Exercise 

August9  -  Augustl3 

Exercise  &  VIP  Week 

Exercise  &  VIP  Week 

2  SoS  is  the  deployment  name  for  the  LSTL  SAMSON  installation,  gSoS  is  the 
deployment  name  for  the  AZ  installation. 
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3.8  Data  captured  during  the  trial 

All  data  capture  during  this  operational  exercise  were  labelled  SECRET 
and  are  not  releasable  outside  the  demonstration  facilities. 

4.0  Results 

The  SAMSON  EC2010  trial  was  deemed  to  be  very  successful.  The 
following  points  are  notable: 

1.  The  SAMSON  solution  remained  operational  and  stable  for  the  full 
duration  of  the  EC2010  exercise  and  beyond.  The  use  of  local  and 
remote  infrastructure  allowed  SAMSON  to  operate  in  the  face  of 
intermittent  connectivity. 

2.  All  features  were  demonstrated  during  the  trial  and  there  were  no 
defects  encountered  that  limited  the  ability  for  SAMSON  to 
contribute  to  the  challenge. 

3.  The  exercise  uncovered  some  minor  configuration  and  operational 
defects  that  have  been  logged  in  the  SAMSON  bug  tracking  system 
and  will  be  addressed  in  the  next  phase  of  development. 

4.  The  SAMSON  infrastructure  remains  available  and  continues  to  be 
used  for  demonstrations. 
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